Upgrade to release 6.4.2 which brings security improvements: Parsing of the cookie header is now much more efficient. The older algorithm sometimes had quadratic performance which allowed for a denial-of-service attack in which the server would spend excessive CPU time parsing cookies and block the event loop. This change fixes CVE-2024-7592.
Signed-off-by: Leon Anavi <[email protected]> --- .../{python3-tornado_6.4.1.bb => python3-tornado_6.4.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-tornado_6.4.1.bb => python3-tornado_6.4.2.bb} (93%) diff --git a/meta-python/recipes-devtools/python/python3-tornado_6.4.1.bb b/meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb similarity index 93% rename from meta-python/recipes-devtools/python/python3-tornado_6.4.1.bb rename to meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb index b8f6752f28..751f32913a 100644 --- a/meta-python/recipes-devtools/python/python3-tornado_6.4.1.bb +++ b/meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb @@ -6,7 +6,7 @@ HOMEPAGE = "http://www.tornadoweb.org/en/stable/" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI[sha256sum] = "92d3ab53183d8c50f8204a51e6f91d18a15d5ef261e84d452800d4ff6fc504e9" +SRC_URI[sha256sum] = "92bad5b4746e9879fd7bf1eb21dce4e3fc5128d71601f80005afa39237ad620b" inherit pypi python_setuptools_build_meta -- 2.39.5
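Review bot: the new SRC_URI[sha256sum] value on the `+` line is the only thing pinning the 6.4.2 source archive, and nothing in the patch or commit message says where it was obtained. Please note in the commit message that it was checked against the digest published for the 6.4.2 release, not computed from a local fetch. Because the message presents the upgrade as the fix for CVE-2024-7592 while the recipe change itself carries no CVE reference, it is also worth confirming that identifier against the upstream 6.4.2 release notes so CVE tracking for python3-tornado records the right entry. The unchanged LIC_FILES_CHKSUM context line implies the LICENSE file is identical in 6.4.2; a one-line confirmation of that would help.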
